July 24, 2005

New USB Hack

Security

I learned on Slashdot this morning that there is a new exploitable bug with USB. I’ve always wanted to be able to just plug in a usb key and have it run autohack.bat. ;)

But, SPI come on…what kind of responsible disclosure is this?! A quote on eWeek from your CTO?! Not to mention openly admitting that you haven’t informed Microsoft of the issue yet (even though it is a hardware issue) and then proceeding to promote your talk at Black Hat next week! Come on, SPI…I thought you were better than that. Or is this just some sort of security bug premature disclosure because you got so excited about finding a bug, you just couldn’t control yourself?

posted by Damon @ 10:23 am |

1 Comment so far
Leave a comment

Sounds like SPI got a case of the “look-what-I-found giddies” and are trying to leverage it. Why not? They found it just in time for BH, they should definitely use that to their advantage. Ultimately though, they should still have an open disclosure on this right quick.

By Rnaston 08.05.05 12:26 pm

RSS feed for comments on this post. TrackBack URI


Leave a comment
Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>